Forum Thread: Belkin UPS software contains old Java

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Belkin Corporation
And, this specific program:
Belkin Wireless G Router

This thread has been marked as locked.
PazivalRM Belkin UPS software contains old Java
Member 25th Sep, 2009 02:26
Ranking: 1
Posts: 17
User Since: 7th Jul, 2009
System Score: N/A
Location: AU
I am using a Belkin UPS, and I have installed the Belkin UPS software, which is important because amongst other things it communicates with the UPS to shut down the computer safely in the event of a blackout.

Now Secunia tells me that I have a security problem with an out-of-date Java 6.0.0.105 within the Belkin software files. "This installation of Sun Java JRE 1.6.x / 6.x (Requires uninstall) is insecure and potentially exposes your system to security threats! Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program."

I have cut and pasted the technical details here:

- - - - - - - -
Technical details about this installation of Sun Java JRE 1.6.x / 6.x (Requires uninstall), you can use this information to determine why the Secunia PSI detected the program and the security state of it.

Version Detected:
6.0.0.105

Installation Path:
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\java.exe
- - - - - - - -

The problem is that the Belkin software seems to use this particular file java.exe. When I temporarily renamed the file java.old, the software won't work properly.

I have sent a ticket about the situation to Belkin, but they have ignored it, which has not impressed me at all. It also doesn't impress me that a large company like Belkin is using out-of-date and dangerous software.

Java is otherwise up to date on my computer (Windows Vista Home Premium 32 bit on an ACER PC). I even managed to find a workaround to overcome the recent dreaded 25099 problem about unzipping files.

QUESTION 1: Can I ignore the problem because the out-of-date Java file is nested within the Belkin programme files, or is it still a vulnerability?

QUESTION 2: If the problem can't be ignored, can I somehow manually replace the out-of-date Java files into the Belkin software folder with an up-to-date version?

[NOTE: The specific UPS software was not available to be selected on Secunia's dropdown list labelled "Select the specific program".]

Slamgeden RE: Belkin UPS software contains old Java
Member 25th Sep, 2009 08:50
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
on 25th Sep, 2009 02:26, PazivalRM wrote:

QUESTION 1: Can I ignore the problem because the out-of-date Java file is nested within the Belkin programme files, or is it still a vulnerability?

QUESTION 2: If the problem can't be ignored, can I somehow manually replace the out-of-date Java files into the Belkin software folder with an up-to-date version?

[NOTE: The specific UPS software was not available to be selected on Secunia's dropdown list labelled "Select the specific program".]


1)
Never ignore any sort of vulnerability. A security flaw is a security flaw after all, and Belkin should know better.
2)
I'm not sure it's an entirely good idea. The Belkin software could easily depend on old features, or have this specific .exe linked to important libs. And a UPS is rather critical, isn't it?

--
Assorted Fnords.
PazivalRM RE: Belkin UPS software contains old Java
Member 25th Sep, 2009 14:44
Score: 1
Posts: 17
User Since: 7th Jul 2009
System Score: N/A
Location: AU
Thanks. Your reply encapsulates my problem:
1. I want the security of not having vulnerable Java.
2. I also want the security of having UPS software.

The question is, what do I do?
GailLA RE: Belkin UPS software contains old Java
Member 26th Sep, 2009 03:27
Score: 0
Posts: 8
User Since: 5th Dec 2008
System Score: N/A
Location: N/A
Everything I have that used old, insecure Java, still works when that old insecure Java is removed. To test, remove the files that are flagged as insecure. Back them up to a thumb drive or something and remove them from the computer (by an uninstaller if possible, but by deletion if not). Make sure you have the latest version of Java from java.com installed. Then try running your UPS software and see if it works. If it does, you can safely run it with the current version of Java.
PazivalRM RE: Belkin UPS software contains old Java
Member 26th Sep, 2009 07:42
Score: 1
Posts: 17
User Since: 7th Jul 2009
System Score: N/A
Location: AU
Success! This seems to have worked - thanks very much. But I had to delete the whole Java subdirectory within the Belkin software, not just the offending file.

There was no facility to uninstall the old version of Java, either in Control Panel, Uninstall, or in jv16Power Tools uninstall manager.

1. I first deleted just the file java.exe that Secunia was complaining about, and rebooted. The Belkin software did not work.

2. I then deleted the whole jre subdirectory that had contained the java.exe file (see my first post), and rebooted. This time, the Belkin software worked as it should.

Altogether, the whole experience seems to reflect badly on the software practices of both Belkin and Java.
GailLA RE: Belkin UPS software contains old Java
Member 26th Sep, 2009 18:37
Score: 0
Posts: 8
User Since: 5th Dec 2008
System Score: N/A
Location: N/A
I think it more reflects badly on the Belkin software design than on Java, but that's just my opinion. If Belkin had included a copy of Java with an installer, rather than just making it part of their program, this problem could have been avoided completely. But Belkin is not alone in this and once that directory has been deleted, it should not have to be done again.

I'm sorry my instructions were so vague, but I'm glad that with the hint, you were able to get it to work out. Since I don't own a Belkin UPS or that software, I couldn't be specific. I agree that it is essential in older Windows, and nice in newer Windows (like in Win 7) to have the software from the manufacturer, instead of just the Windows supplied driver.
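
Added example, not written by any poster in this thread: the situation discussed above (a private java.exe inside an application folder that a system-wide Java update never touches) as a PowerShell inventory, plus the backup-then-remove step. The function names, the backup path and the assumption that the Java installer's own copies sit under "Program Files\Java" are assumptions of this example.

```powershell
# Added example. Lists every java.exe under the Program Files trees with its
# file version and marks copies that sit inside another product's folder.
function Get-JavaCopy {
    param([string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}))
    $roots = $Root | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique
    $found = foreach ($r in $roots) {
        foreach ($f in Get-ChildItem -Path $r -Filter java.exe -Recurse -File -ErrorAction SilentlyContinue) {
            $vi = $f.VersionInfo
            [pscustomobject]@{
                Path    = $f.FullName
                # Build the version from the numeric parts of the PE version resource.
                Version = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
                              $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
                # Assumption: copies outside "<root>\Java\" were shipped by another product.
                Bundled = $f.FullName -notlike (Join-Path $r 'Java\*')
            }
        }
    }
    if (-not $found) { return }
    # A copy counts as outdated when it is older than the newest copy on the machine.
    $newest = ($found | Sort-Object Version -Descending | Select-Object -First 1).Version
    $found | Select-Object Path, Version, Bundled,
        @{ Name = 'Outdated'; Expression = { $_.Version -lt $newest } }
}

# Copies a bundled jre folder to a backup location, then removes the original,
# so it can be restored if the application stops working without it.
function Move-JreToBackup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$JreDir,
        [Parameter(Mandatory)][string]$BackupDir
    )
    if ($PSCmdlet.ShouldProcess($JreDir, "copy to $BackupDir, then remove")) {
        Copy-Item -Path $JreDir -Destination $BackupDir -Recurse -ErrorAction Stop
        Remove-Item -Path $JreDir -Recurse -Force
    }
}

Get-JavaCopy | Sort-Object Version | Format-List

# Dry run first; E:\jre-backup is a placeholder path for this example.
# Move-JreToBackup -JreDir 'C:\Program Files\Belkin Automatic Power Management Software\jre' `
#     -BackupDir 'E:\jre-backup' -WhatIf
```

Run it from an elevated prompt, since removing folders under Program Files needs administrator rights. Test that the application still shuts the machine down correctly before discarding the backup.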
